With the advent of computers and communication networks, the ability to generate, store, utilize, distribute, publish or otherwise share content and information has vastly improved. This has further led to the routine transfer of large amounts of data, content and information between devices. While much of the material transferred between devices is exactly that which is desired by the corresponding users, malicious software (or malware) can also be transferred among devices. The malware may pose privacy or security concerns, or it may be disruptive or even destructive and costly in some situations.
In order to attempt to minimize the impact of malware, users may generate local backups of the data stored on their systems or take other measures to safeguard their data. However, ransomware is particularly dangerous since it generally gains operating system (OS) kernel access through an exploit and then uses the access to encrypt the data on the system. The key for encryption is then maintained by the owner of the malware to prevent the user from accessing the encrypted data until a ransom is paid.
Ransomware continues to get more sophisticated, and is even sometimes able to encrypt backed up copies of data. Moreover, recent attacks on government agencies, hospitals and personal users have occurred and, in some of those cases, the FBI has been reported as actually advising some victims to pay the ransom.
One technique that has been suggested as a defense is to keep anti-malware software up to date, keep all OS and software up to date, an avoid responding to phishing attacks, etc. However, long experience has shown that these recommendations, while helpful, are not 100% assured of providing protection against any kind of malware.
Accordingly, it may be desirable to continue to develop improved and/or more effective mechanisms by which protection against this type of malware.